CVE-2025-20718 is a stack overflow vulnerability classified under CWE-121, found in the WLAN Access Point (AP) driver of multiple MediaTek chipsets (MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986). The root cause is an incorrect bounds check that allows an out-of-bounds write on the stack, which can corrupt memory and lead to escalation of privileges. The vulnerability requires the attacker to have local user execution privileges but does not require any user interaction, making it easier to exploit once local access is obtained. The affected software versions include MediaTek SDK release 7.6.7.2 and earlier, and openWRT versions 19.07 and 21.02, which are commonly used in embedded devices and routers. Although no public exploits have been reported, the vulnerability poses a significant risk because it can allow an attacker to gain elevated privileges, potentially leading to full system compromise. The flaw impacts confidentiality and integrity by enabling unauthorized code execution and modification of system memory. The vulnerability was reserved in November 2024 and published in October 2025, but no CVSS score has been assigned yet. Due to the nature of the vulnerability and the affected components, it is critical for device manufacturers and users to apply patches or firmware updates once available. The vulnerability is particularly relevant for embedded systems and networking devices that rely on MediaTek chipsets, which are widely used globally, including in Europe.

For European organizations, this vulnerability could have serious consequences, especially for those relying on networking equipment or embedded devices powered by the affected MediaTek chipsets. Successful exploitation could allow attackers with local access to escalate privileges, potentially gaining control over critical network infrastructure components such as wireless access points and routers. This could lead to unauthorized access to sensitive data, disruption of network services, and further lateral movement within organizational networks. The impact on confidentiality and integrity is high, as attackers could manipulate device firmware or intercept network traffic. Availability could also be affected if the device becomes unstable or is taken offline due to exploitation. Given the widespread use of openWRT in custom and commercial routers, organizations using these platforms are at increased risk. The lack of user interaction requirement lowers the barrier for exploitation once local access is achieved, increasing the threat level. European sectors with critical infrastructure, telecommunications, and enterprises with extensive wireless deployments are particularly vulnerable.

1. Apply patches or firmware updates from MediaTek or device vendors as soon as they become available to address the vulnerability. 2. For organizations using openWRT, upgrade to versions beyond 21.02 that include the fix or apply vendor-provided patches. 3. Restrict local user access to devices running affected chipsets to trusted personnel only, minimizing the risk of local exploitation. 4. Implement strict network segmentation and access controls to limit the ability of attackers to gain local access to vulnerable devices. 5. Monitor device logs and network traffic for unusual activity that could indicate exploitation attempts or privilege escalation. 6. Employ endpoint detection and response (EDR) tools capable of detecting memory corruption or privilege escalation behaviors. 7. Conduct regular security audits and vulnerability assessments on embedded devices and network infrastructure to identify and remediate outdated firmware. 8. Educate IT staff about the risks associated with local privilege escalation vulnerabilities and the importance of timely patching.